Export (0) Print
Expand All

AFD_EVENT_CREATE event

The AFD_EVENT_CREATE event is a Winsock network tracing event for a socket creation operation.


const EVENT_DESCRIPTOR AFD_EVENT_CREATE = {0x3e8, 0x0, 0x10, 0x4, 0xa, 0x3e8, 0x8000000000000004};

Parameters

EnterExit

Information on this event.

The following table lists the possible values for the EnterExit parameter:

ValueMeaning
0

The start of a Winsock request.

1

The Winsock request completed.

2

The Winsock AFD driver took an internal action (aborting a connection, for example).

3

The TCP/IP driver caused this event to occur. This usually indicates a data notification.

4

The Winsock AFD driver caused this event to occur (setting a socket option, for example).

 

Location

A private field used internally.

Process

The EPROCESS address of the process that owns the related socket. This is an opaque structure that serves as the process object for a process. For more information, see the Windows Driver Kit documentation for the EPROCESS structure.

Endpoint

The AFD_ENDPOINT address of the socket.

AddressFamily

The address family specification for the socket. Possible values for the address family are defined in the Ws2def.h header file. Note that the Ws2def.h header file is automatically included in Winsock2.h, and should never be used directly.

The values currently supported are AF_INET or AF_INET6, which are the Internet address family formats for IPv4 and IPv6. Other options for address family (AF_NETBIOS for use with NetBIOS, for example) are supported if a Windows Sockets service provider for the address family is installed.

The table below lists common values for address family although many other values are possible.

AfMeaning
AF_UNSPEC
0

The address family is unspecified.

AF_INET
2

The Internet Protocol version 4 (IPv4) address family.

AF_IPX
6

The IPX/SPX address family. This address family is only supported if the NWLink IPX/SPX NetBIOS Compatible Transport protocol is installed.

This address family is not supported on Windows Vista and later.

AF_APPLETALK
16

The AppleTalk address family. This address family is only supported if the AppleTalk protocol is installed.

This address family is not supported on Windows Vista and later.

AF_NETBIOS
17

The NetBIOS address family. This address family is only supported if the Windows Sockets provider for NetBIOS is installed.

The Windows Sockets provider for NetBIOS is supported on 32-bit versions of Windows. This provider is installed by default on 32-bit versions of Windows.

The Windows Sockets provider for NetBIOS is not supported on 64-bit versions of windows.

The Windows Sockets provider for NetBIOS only supports sockets where the type parameter is set to SOCK_DGRAM.

The Windows Sockets provider for NetBIOS is not directly related to the NetBIOS programming interface. The NetBIOS programming interface is not supported on Windows Vista, Windows Server 2008, and later.

AF_INET6
23

The Internet Protocol version 6 (IPv6) address family.

AF_IRDA
26

The Infrared Data Association (IrDA) address family.

This address family is only supported if the computer has an infrared port and driver installed.

AF_BTH
32

The Bluetooth address family.

This address family is only supported if the computer has a Bluetooth adapter and driver installed.

 

SocketType

The type specification for the new socket. Possible values for the socket type are defined in the Winsock2.h header file.

The following table lists the possible values for the type parameter supported for Windows Sockets 2:

TypeMeaning
SOCK_STREAM
1

A socket type that provides sequenced, reliable, two-way, connection-based byte streams with an OOB data transmission mechanism. This socket type uses the Transmission Control Protocol (TCP) for the Internet address family (AF_INET or AF_INET6).

SOCK_DGRAM
2

A socket type that supports datagrams, which are connectionless, unreliable buffers of a fixed (typically small) maximum length. This socket type uses the User Datagram Protocol (UDP) for the Internet address family (AF_INET or AF_INET6).

SOCK_RAW
3

A socket type that provides a raw socket that allows an application to manipulate the next upper-layer protocol header. To manipulate the IPv4 header, the IP_HDRINCL socket option must be set on the socket. To manipulate the IPv6 header, the IPV6_HDRINCL socket option must be set on the socket.

SOCK_RDM
4

A socket type that provides a reliable message datagram. An example of this type is the Pragmatic General Multicast (PGM) multicast protocol implementation in Windows, often referred to as reliable multicast programming.

This type value is only supported if the Reliable Multicast Protocol is installed.

SOCK_SEQPACKET
5

A socket type that provides a pseudo-stream packet based on datagrams.

 

Protocol

The protocol to be used. The possible options for the protocol parameter are specific to the address family and socket type specified. Possible values for the protocol are defined in the Wsrm.h header file and the IPPROTO enumeration type defined in the Ws2def.h header file. Note that the Ws2def.h header file is automatically included in Winsock2.h, and should never be used directly.

If a value of 0 is specified, the caller does not wish to specify a protocol and the service provider will choose the protocol to use.

The table below lists common values for the protocol although many other values are possible.

protocolMeaning
IPPROTO_ICMP
1

The Internet Control Message Protocol (ICMP). This is a possible value when the af parameter is AF_UNSPEC, AF_INET, or AF_INET6 and the type parameter is SOCK_RAW or unspecified.

IPPROTO_IGMP
2

The Internet Group Management Protocol (IGMP). This is a possible value when the af parameter is AF_UNSPEC, AF_INET, or AF_INET6 and the type parameter is SOCK_RAW or unspecified.

BTHPROTO_RFCOMM
3

The Bluetooth Radio Frequency Communications (Bluetooth RFCOMM) protocol. This is a possible value when the af parameter is AF_BTH and the type parameter is SOCK_STREAM.

IPPROTO_TCP
6

The Transmission Control Protocol (TCP). This is a possible value when the af parameter is AF_INET or AF_INET6 and the type parameter is SOCK_STREAM.

IPPROTO_UDP
17

The User Datagram Protocol (UDP). This is a possible value when the af parameter is AF_INET or AF_INET6 and the type parameter is SOCK_DGRAM.

IPPROTO_ICMPV6
58

The Internet Control Message Protocol Version 6 (ICMPv6). This is a possible value when the af parameter is AF_UNSPEC, AF_INET, or AF_INET6 and the type parameter is SOCK_RAW or unspecified.

IPPROTO_RM
113

The PGM protocol for reliable multicast. This is a possible value when the af parameter is AF_INET and the type parameter is SOCK_RDM. This protocol is also called IPPROTO_PGM.

This protocol value is only supported if the Reliable Multicast Protocol is installed.

 

ProcessId

The actual process ID or an indicator if the event was a result of Winsock code run in a system process or in a deferred procedure call (DPC) context (contexts outside the user process).

Status

The NTSTATUS code for the operation.

Remarks

The AFD_EVENT_CREATE event is traced for a Winsock network operation to create a socket. The channel for this event is Winsock-AFD. The level for this event is informational.

Requirements

Minimum supported client

Windows 7 [desktop apps only]

Minimum supported server

Windows Server 2008 R2 [desktop apps only]

See also

Control of Winsock Tracing
EVENT_DESCRIPTOR
Winsock Tracing
Winsock Tracing Levels
Winsock Catalog Change Tracing Details

 

 

Community Additions

ADD
Show:
© 2014 Microsoft